Circuit CAD Toolsas a Security ThreatCircuit CAD Tools

as a Security Threat

University of Michigan† and Rice University‡University of Michigan† and Rice University‡

June 9, 2008

Jarrod A. Roy†, Farinaz Koushanfar‡ and Igor L. Markov†

June 9, 2008

Jarrod A. Roy†, Farinaz Koushanfar‡ and Igor L. Markov†

Trusted Computing

Breaches of hardware security increasingCell-phone tapping of Greek officialsKinko’s key loggerCompromised weapons systemsElectronic voting irregularities

Push for open-source EDAEasy to spoof binaries and libraries

Emerging technology must be tamper-resistantSmart cards, RFIDs, e-cash, …

Demand for trusted computing increasing

Key logger sold by

ThinkGeek

Software vs. Hardware Exploitation

Both target unauthorized control of a system, but …

Software exploits are well-studiedAnti-virus and anti-malware programseffective, quickly updated for new threatsRemoval usually possible

Complete system reinstall as a last resort

Compromised hardware more challengingCan be designed to resist modern detection techniquesRemoval may not be possible

Post-silicon fixes slow, expensiveMay need to completely replace

Anatomy of a Hardware Trojan

Trigger: activates the exploitSpecial input sequenceTime

Payload: performs the intended actionReplace logicDump sensitive dataInject faults

Memory: storage for the exploitTrigger patternsCompromised dataSide channel bufferDetection avoidance

Avoiding Detection

Trojans can be considered design errors

Can standard verification techniques catch them?Bounded Model Checking (BMC)

Simulate circuit for several cycles,check output against golden modelDefeated by: add binary counter andtrigger exploit after several days or weeks

Design for Test (DFT)Test circuit after manufactureUse scan chains and automatictest pattern generation (ATPG)Defeated by: insert before ATPG

– Trojan is now fault-tested!

Injecting Trojan Horses

Designs can be altered at nearly any flow stageBy compromised tools

Logic synthesis tools can add payload logicRouters can introduce shorts, opens

Or the scripts that run themPreprocess VerilogPostprocess gate-level netlist

First step of injection is target detectionPattern-matching in text files, e.g., VerilogPattern-matching distinctive circuitsCombinational equivalence checking

Case Study: Compromising Crypto Circuits

Cryptographic circuits have many unique elements:Large quantities of XOR gates, bit shifts and bit permutationsDistinctive “magic” constants

Changing one constant can disable randomness, for example

Application “Magic” constants or formulas

Linear congruential PRNG

Mersenne twisterMT19937 algorithm

397, 624, 1812433253, 2567483615, 2636928640, 4022730752

MD5 hash0x10325476, 0x67452301,

0x98BADCFE, 0xEFCDAB89

SHA-256 hash

0x1F83D9AB, 0x3C6EF372, 0x510E527F, 0x5BE0CD19, 0x6A09E667, 0x9B05688C, 0xA54FF53A, 0xBB67AE85

xn+1 = 279470273 × xn

mod 0294967291xn+1 = 279470273 × xn

mod 4294967291

Compromising Crypto Circuits

Identifying bit permutationsDES uses at least six distinctive 32-bit permutationsCarefully crafted attack on DES could remove permutations, exposing plaintext

Substitution functionsEasily identified bymagic constants or equivalence checkingAES uses several S-boxes

Compromised with standard fault injection techniques

Countermeasures

Attackers can defeat static testing techniquesLeverage short avg. test time, difficulty of 100% verificationSolution: dynamic verification

The DIVA approach [Weaver & Austin 2001]Add simple circuit to verify in real-time

Small enough to be known correct

On error, begin analysis and recoveryOr shut down completely for data security

Verifier

Error?

Inputsand Outputs

Conclusions

High demand for trusted computingMilitary, medicine, voting, …

Attackers can modify CAD tool flows to inject TrojansAutomatically recognize certain circuit types

Magic numbers, permutations, substitution functions, …

Inject targeted changes/faultsTrivially resistant to modern test techniques

Dynamic verification helpsVerify all outputs of untrusted circuitsWill slow but not necessarily stop attacks

Total solution an open challenge

Questions?